* [IPSEC]: Fix IP ID selection
@ 2006-04-27 11:56 Herbert Xu
2006-04-28 22:23 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: Herbert Xu @ 2006-04-27 11:56 UTC (permalink / raw)
To: David S. Miller, netdev
[-- Attachment #1: Type: text/plain, Size: 800 bytes --]
Hi Dave:
I was looking through the xfrm input/output code in order to abstract
out the address family specific encapsulation/decapsulation code. During
that process I found this bug in the IP ID selection code in xfrm4_output.c.
At that point dst is still the xfrm_dst for the current SA which
represents an internal flow as far as the IPsec tunnel is concerned.
Since the IP ID is going to sit on the outside of the encapsulated
packet, we obviously want the external flow which is just dst->child.
The fix is trivial.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[-- Attachment #2: xfrm4-output-fid.patch --]
[-- Type: text/plain, Size: 437 bytes --]
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 32ad229..4ef8efa 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -62,7 +62,7 @@
top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
0 : (iph->frag_off & htons(IP_DF));
if (!top_iph->frag_off)
- __ip_select_ident(top_iph, dst, 0);
+ __ip_select_ident(top_iph, dst->child, 0);
top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [IPSEC]: Fix IP ID selection
2006-04-27 11:56 [IPSEC]: Fix IP ID selection Herbert Xu
@ 2006-04-28 22:23 ` David S. Miller
0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2006-04-28 22:23 UTC (permalink / raw)
To: herbert; +Cc: netdev
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Thu, 27 Apr 2006 21:56:45 +1000
> I was looking through the xfrm input/output code in order to abstract
> out the address family specific encapsulation/decapsulation code. During
> that process I found this bug in the IP ID selection code in xfrm4_output.c.
>
> At that point dst is still the xfrm_dst for the current SA which
> represents an internal flow as far as the IPsec tunnel is concerned.
> Since the IP ID is going to sit on the outside of the encapsulated
> packet, we obviously want the external flow which is just dst->child.
>
> The fix is trivial.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thanks for catching this, applied, thanks Herbert.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-04-28 22:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-04-27 11:56 [IPSEC]: Fix IP ID selection Herbert Xu
2006-04-28 22:23 ` David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox